Detecting And Visualizing Denial-of-Service And Network Probe Attacks Using Principal Component Analysis

Authors

  • Khaled Labib
  • V. Rao Vemuri
Abstract

A multivariate statistical method called Principal Component Analysis is used to detect Denial-of-Service and Network Probe attacks using the 1998 DARPA data set. Visualization of network activity and possible intrusions is achieved using Bi-plots, which are used as a graphical means for summarizing the statistics. The principal components are calculated for both attack and normal traffic, and the loading values of the various feature vector components are analyzed with respect to the principal components. The variance and standard deviation of the principal components are calculated and analyzed. A brief introduction to Principal Component Analysis and the merits of using it for detecting the selected intrusions are discussed. A method for identifying an attack based on these results is proposed. The results obtained using the proposed threshold value for detecting the selected intrusions show that a detection rate of 100% can be achieved using this method.


Similar resources

An application of principal component analysis to the detection and visualization of computer network attacks

Network traffic data collected for intrusion analysis is typically high-dimensional making it difficult to both analyze and visualize. Principal Component Analysis is used to reduce the dimensionality of the feature vectors extracted from the data to enable simpler analysis and visualization of the traffic. Principal Component Analysis is applied to selected network attacks from the DARPA 1998 ...


Sequence-order-independent network profiling for detecting application layer DDoS attacks

Distributed denial of service (DDoS) attacks, which are a major threat on the Internet, have recently become more sophisticated as a result of their ability to exploit application-layer vulnerabilities. Most defense methods are designed for detecting DDoS attacks on IP and TCP layers and consequently have difficulty in detecting this new type of DDoS attack. With the profiling of web browsing b...


HF-Blocker: Detection of Distributed Denial of Service Attacks Based On Botnets

Abstract—Today, botnets have become a serious threat to enterprise networks. By creation of network of bots, they launch several attacks, distributed denial of service attacks (DDoS) on networks is a sample of such attacks. Such attacks with the occupation of system resources, have proven to be an effective method of denying network services. Botnets that launch HTTP packet flood attacks agains...


An Efficient and Accurate Intrusion Detection System to detect the Network Attack Groups using the Layer wise Individual Feature Set

In the field of Network Security, Intrusion is the severe threat for various Networks. So an efficient Intrusion Detection System is required to detect the intrusions that are spread through the Network. The main idea of this paper is to reduce the average control path latency incurred between request and response of the system as well as the increasing the detection rate of network attack grou...


Detecting Denial of Service Attack Using Principal Component Analysis with Random Forest Classifier

Nowadays, computer network systems plays gradually an important role in our society and economy. It became a targets of a wide array of malicious attacks that invariably turn into actual intrusions. This is the reason that computer security has become an essential concern for network administrators. In this paper, an exploration of anomaly detection method has been presented. The proposed sys...



Publication date: 2004